{"id":8345,"date":"2022-04-11T00:00:00","date_gmt":"2022-04-10T22:00:00","guid":{"rendered":"https:\/\/i2cat.net\/openueba-a-systematic-approach-to-learn-behavioural-patterns\/"},"modified":"2025-07-23T11:41:37","modified_gmt":"2025-07-23T09:41:37","slug":"openueba-a-systematic-approach-to-learn-behavioural-patterns","status":"publish","type":"post","link":"https:\/\/i2cat.net\/ca\/openueba-a-systematic-approach-to-learn-behavioural-patterns\/","title":{"rendered":"OpenUEBA &#8211; A systematic approach to learn Behavioural patterns"},"content":{"rendered":"<p><span style=\"font-weight: 400;\">Data-driven applications are disrupting our current culture, changing our careers, routines and habits. The cybersecurity sector is not lagging behind: Artificial Intelligence was adopted around the 80s as a paradigm to automate decision-making. Although Artificial Intelligence based technologies perform well and are at the core of many current security tools such as IDSs, EDRs, firewalls and more, they are not enough to detect new multilayered attacks in real environments.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">The opportunity for Artificial Intelligence to lead the next generation of cybersecurity tools is significant and growing, and it will disrupt the market by shifting the current paradigm from expert systems to data-driven systems, which optimize the decision-making process, reduce the response time, and learn from the historical knowledge of the environment. 
User and Entity Behaviour Analytics (UEBA) is a latent research field focused on modeling and predicting the behavior of users and entities in the network through Artificial Intelligence.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">UEBA frameworks are conceptualized and modeled as data-driven projects. The first step of any UEBA framework is Behaviour Profiling: in this step, the different data sources are modeled as feature vectors that represent the properties or characteristics of the users. Next, the calculated feature vectors are fitted to a Machine Learning model that learns the Historical Behaviour, which describes the baseline activities of the user, and the Peer Behaviour, which describes the similarity of the user to other users. Finally, the risk analysis module generates valuable knowledge for the stakeholder, based on previous local incidents and known external incidents documented through public threat intelligence sources.<\/span><\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter wp-image-19604 size-full\" src=\"https:\/\/i2cat.net\/wp-content\/uploads\/2025\/07\/UEBA_diagram.png\" alt=\"\" width=\"610\" height=\"251\" \/><\/p>\n<p><span style=\"font-weight: 400;\">The i2CAT Foundation is committed to developing <a href=\"https:\/\/openueba.org\/\" target=\"_blank\" rel=\"noopener\">OpenUEBA<\/a>, an open-source framework that estimates the exposure of users and entities to specific threats, allowing the stakeholder to take counterfactual measures before users are affected by those threats. In detail, the framework resorts to Artificial Intelligence techniques to learn behavioral patterns from entities with evidence of compromise. 
Then, the discovered patterns are used for inference, computing the likelihood of that behavior for nearby entities, which allows the stakeholder to take preventive actions before the incidents related to the behavior materialize.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">As seen, Artificial Intelligence will play a crucial role in defining the next generation&#8217;s defenses against threats. We believe that Behavioural Analytics opens a new dimension of study that improves visibility and reaction time against specific threats. Specifically, we demonstrate a methodology to study how Behavioural Techniques could be used to learn Behavioural patterns that, in comparison with the indicators of compromise used by misuse-based systems, are resilient abstractions of TTPs that can be exported to multiple environments.<\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Data-driven applications are disrupting our current culture, changing our careers, routines and habits. The Cybersecurity&#8230;<\/p>\n","protected":false},"author":1,"featured_media":6871,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[],"tags":[],"class_list":["post-8345","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v26.9 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>OpenUEBA - A systematic approach to learn Behavioural patterns - i2CAT Research Centre<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/i2cat.net\/ca\/openueba-a-systematic-approach-to-learn-behavioural-patterns\/\" \/>\n<meta property=\"og:locale\" content=\"ca_ES\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"OpenUEBA - A systematic approach to learn 
Behavioural patterns - i2CAT Research Centre\" \/>\n<meta property=\"og:description\" content=\"Data-driven applications are disrupting our actual culture; changing our careers, routines and habits. The Cybersecurity...\" \/>\n<meta property=\"og:url\" content=\"https:\/\/i2cat.net\/ca\/openueba-a-systematic-approach-to-learn-behavioural-patterns\/\" \/>\n<meta property=\"og:site_name\" content=\"i2CAT Research Centre\" \/>\n<meta property=\"article:published_time\" content=\"2022-04-10T22:00:00+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-07-23T09:41:37+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/i2cat.net\/wp-content\/uploads\/2025\/07\/OpenUEBA.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"843\" \/>\n\t<meta property=\"og:image:height\" content=\"243\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Whads\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/i2cat.net\/ca\/openueba-a-systematic-approach-to-learn-behavioural-patterns\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/i2cat.net\/ca\/openueba-a-systematic-approach-to-learn-behavioural-patterns\/\"},\"author\":{\"name\":\"Whads\",\"@id\":\"https:\/\/i2cat.net\/ca\/#\/schema\/person\/7cac1f500e2432e4769aa43db55d9387\"},\"headline\":\"OpenUEBA &#8211; A systematic approach to learn Behavioural 
patterns\",\"datePublished\":\"2022-04-10T22:00:00+00:00\",\"dateModified\":\"2025-07-23T09:41:37+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/i2cat.net\/ca\/openueba-a-systematic-approach-to-learn-behavioural-patterns\/\"},\"wordCount\":426,\"image\":{\"@id\":\"https:\/\/i2cat.net\/ca\/openueba-a-systematic-approach-to-learn-behavioural-patterns\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/i2cat.net\/wp-content\/uploads\/2025\/07\/OpenUEBA.jpg\",\"inLanguage\":\"ca\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/i2cat.net\/ca\/openueba-a-systematic-approach-to-learn-behavioural-patterns\/\",\"url\":\"https:\/\/i2cat.net\/ca\/openueba-a-systematic-approach-to-learn-behavioural-patterns\/\",\"name\":\"OpenUEBA - A systematic approach to learn Behavioural patterns - i2CAT Research Centre\",\"isPartOf\":{\"@id\":\"https:\/\/i2cat.net\/ca\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/i2cat.net\/ca\/openueba-a-systematic-approach-to-learn-behavioural-patterns\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/i2cat.net\/ca\/openueba-a-systematic-approach-to-learn-behavioural-patterns\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/i2cat.net\/wp-content\/uploads\/2025\/07\/OpenUEBA.jpg\",\"datePublished\":\"2022-04-10T22:00:00+00:00\",\"dateModified\":\"2025-07-23T09:41:37+00:00\",\"author\":{\"@id\":\"https:\/\/i2cat.net\/ca\/#\/schema\/person\/7cac1f500e2432e4769aa43db55d9387\"},\"breadcrumb\":{\"@id\":\"https:\/\/i2cat.net\/ca\/openueba-a-systematic-approach-to-learn-behavioural-patterns\/#breadcrumb\"},\"inLanguage\":\"ca\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/i2cat.net\/ca\/openueba-a-systematic-approach-to-learn-behavioural-patterns\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"ca\",\"@id\":\"https:\/\/i2cat.net\/ca\/openueba-a-systematic-approach-to-learn-behavioural-patterns\/#primaryimage\",\"url\":\"https:\/\/i2cat.net\/wp-content\/uploads\/2025\/07\/OpenUEBA.jpg\",\"contentUrl\":\"https:\/\/i2cat.net\/wp-cont
ent\/uploads\/2025\/07\/OpenUEBA.jpg\",\"width\":843,\"height\":243},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/i2cat.net\/ca\/openueba-a-systematic-approach-to-learn-behavioural-patterns\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/i2cat.net\/ca\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"OpenUEBA &#8211; A systematic approach to learn Behavioural patterns\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/i2cat.net\/ca\/#website\",\"url\":\"https:\/\/i2cat.net\/ca\/\",\"name\":\"i2CAT Research Centre\",\"description\":\"\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/i2cat.net\/ca\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"ca\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/i2cat.net\/ca\/#\/schema\/person\/7cac1f500e2432e4769aa43db55d9387\",\"name\":\"Whads\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"ca\",\"@id\":\"https:\/\/i2cat.net\/ca\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/d9d2300fdbde5264b2e261561e01d17b67a9793782dfd06f76dc2f92cd348f35?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/d9d2300fdbde5264b2e261561e01d17b67a9793782dfd06f76dc2f92cd348f35?s=96&d=mm&r=g\",\"caption\":\"Whads\"},\"sameAs\":[\"https:\/\/i2cat.net\"],\"url\":\"https:\/\/i2cat.net\/ca\/author\/whads\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. 
-->","_links":{"self":[{"href":"https:\/\/i2cat.net\/ca\/wp-json\/wp\/v2\/posts\/8345","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/i2cat.net\/ca\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/i2cat.net\/ca\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/i2cat.net\/ca\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/i2cat.net\/ca\/wp-json\/wp\/v2\/comments?post=8345"}],"version-history":[{"count":1,"href":"https:\/\/i2cat.net\/ca\/wp-json\/wp\/v2\/posts\/8345\/revisions"}],"predecessor-version":[{"id":8346,"href":"https:\/\/i2cat.net\/ca\/wp-json\/wp\/v2\/posts\/8345\/revisions\/8346"}],"wp:featuredmedia":[{"embed
dable":true,"href":"https:\/\/i2cat.net\/ca\/wp-json\/wp\/v2\/media\/6871"}],"wp:attachment":[{"href":"https:\/\/i2cat.net\/ca\/wp-json\/wp\/v2\/media?parent=8345"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/i2cat.net\/ca\/wp-json\/wp\/v2\/categories?post=8345"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/i2cat.net\/ca\/wp-json\/wp\/v2\/tags?post=8345"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}